CVE-2025-1118

MEDIUM Year: 2025
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-501
View all →

Vulnerability Description

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.

Related Vulnerabilities

CVE-2024-20265

MEDIUM
CVSS:5.9(Medium)

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that h...

CWE-5012024

CVE-2020-4077

CRITICAL
CVSS:9.9(Critical)

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and...

CWE-5012020

CVE-2022-1799

CRITICAL
CVSS:9.8(Critical)

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrad...

CWE-5012022

CVE-2020-4076

CRITICAL
CVSS:9.0(Critical)

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and...

CWE-5012020

CVE-2024-49050

HIGH
CVSS:8.8(High)

Visual Studio Code Python Extension Remote Code Execution Vulnerability

CWE-5012024

CVE-2024-23682

HIGH
CVSS:8.2(High)

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbi...

CWE-5012024